package com.winning.pmph.filter;

import org.apache.http.util.Asserts;

import javax.servlet.*;
import java.io.IOException;
import java.util.Map;

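/**
 * Servlet filter that rejects API calls whose request parameters look like a SQL injection attempt.
 *
 * <p>Every value of every request parameter is scanned, case-insensitively, for the blocked
 * keyword {@code extractvalue}. A match aborts the request before it reaches the rest of the
 * filter chain.
 *
 * <p>Scope and limits of this check:
 * <ul>
 *   <li>Only the values returned by {@link ServletRequest#getParameterMap()} are inspected.
 *       Parameter names, headers, cookies and request bodies that the container does not
 *       expose as parameters are not looked at.</li>
 *   <li>This is a single-keyword denylist, so it is a defense-in-depth measure only. The data
 *       access layer must still bind user input through parameterized statements.</li>
 * </ul>
 *
 * @author 吴笛
 */
public class SQLInjectionFilter implements Filter {
    /** Lower-case keyword whose presence in any parameter value blocks the request. */
    private static final String BLOCKED_KEYWORD = "extractvalue";

    /**
     * Passes the request down the chain unless a parameter value contains the blocked keyword.
     *
     * @param request  incoming request whose parameter values are scanned
     * @param response response handed on to the chain unchanged
     * @param chain    remaining filters and the target resource
     * @throws IOException           propagated from the rest of the chain
     * @throws ServletException      propagated from the rest of the chain
     * @throws IllegalStateException raised by {@code Asserts.check} when a blocked value is found
     */
    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
        Map<String, String[]> map = request.getParameterMap();
        boolean hasInvalidParamVal = containsBlockedKeyword(map);
        // NOTE(review): the rejection surfaces as an unchecked exception; confirm that the
        // application's error handling maps it to a client-error response and logs the event.
        Asserts.check(!hasInvalidParamVal, "An attempt was made to insert an illegal SQL statement into a parameter");
        chain.doFilter(request, response);
    }

    /**
     * Reports whether any value of any parameter contains the blocked keyword.
     *
     * <p>All values of a multi-valued parameter are checked, not just the first one, and the
     * comparison ignores case, so a repeated parameter or a differently-cased spelling is
     * caught as well. Null or empty value arrays and null values are skipped instead of
     * failing with an exception.
     */
    private static boolean containsBlockedKeyword(final Map<String, String[]> parameters) {
        if (parameters == null) {
            return false;
        }
        for (String[] values : parameters.values()) {
            if (values == null) {
                continue;
            }
            for (String value : values) {
                // Locale.ROOT keeps the lower-casing independent of the server's default locale.
                if (value != null && value.toLowerCase(java.util.Locale.ROOT).contains(BLOCKED_KEYWORD)) {
                    return true;
                }
            }
        }
        return false;
    }
}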
